IPSEC-SPD-MIB

This MIB module defines configuration objects for managing
IPsec Security Policies.  In general, this MIB can be
implemented anywhere IPsec security services exist (e.g.,
bump-in-the-wire, host, gateway, firewall, router, etc.).
        
Copyright (C) The IETF Trust (2007).  This version of
this MIB module is part of RFC 4807; see the RFC itself for
full legal notices.

Imported Objects

diffServMultiFieldClfrNextFree, IfDirection, diffServMIBMultiFieldClfrGroup	DIFFSERV-MIB
InterfaceIndex	IF-MIB
InetAddress, InetAddressType	INET-ADDRESS-MIB
SnmpAdminString	SNMP-FRAMEWORK-MIB
NOTIFICATION-GROUP, OBJECT-GROUP, MODULE-COMPLIANCE	SNMPv2-CONF
OBJECT-TYPE, mib-2, Unsigned32, Integer32, NOTIFICATION-TYPE, MODULE-IDENTITY	SNMPv2-SMI
VariablePointer, StorageType, TimeStamp, TruthValue, RowStatus, TEXTUAL-CONVENTION	SNMPv2-TC

Type Definitions (4)

Name	Base Type	Values/Constraints
SpdAdminStatus	Enumeration	enabled(1), disabled(2)
SpdBooleanOperator	Enumeration	or(1), and(2)
SpdIPPacketLogging	Integer32	range: -1..65535
SpdTimePeriod	OctetString	range: 0..31

Objects

spdMIB		.1.3.6.1.2.1.153
spdConfigObjects		.1.3.6.1.2.1.153.1
spdLocalConfigObjects		.1.3.6.1.2.1.153.1.1
spdIngressPolicyGroupName	OctetString	.1.3.6.1.2.1.153.1.1.1
spdEgressPolicyGroupName	OctetString	.1.3.6.1.2.1.153.1.1.2
spdIpsoHeaderFilterTable		.1.3.6.1.2.1.153.1.10
spdIpsoHeaderFilterEntry	spdIpsoHeadFiltName	.1.3.6.1.2.1.153.1.10.1
spdIpsoHeadFiltName	OctetString	.1.3.6.1.2.1.153.1.10.1.1
spdIpsoHeadFiltType	Bits	.1.3.6.1.2.1.153.1.10.1.2
spdIpsoHeadFiltClassification	Enumeration	.1.3.6.1.2.1.153.1.10.1.3
spdIpsoHeadFiltProtectionAuth	Enumeration	.1.3.6.1.2.1.153.1.10.1.4
spdIpsoHeadFiltLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.10.1.5
spdIpsoHeadFiltStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.10.1.6
spdIpsoHeadFiltRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.10.1.7
spdCompoundActionTable		.1.3.6.1.2.1.153.1.11
spdCompoundActionEntry	spdCompActName	.1.3.6.1.2.1.153.1.11.1
spdCompActName	OctetString	.1.3.6.1.2.1.153.1.11.1.1
spdCompActExecutionStrategy	Enumeration	.1.3.6.1.2.1.153.1.11.1.2
spdCompActLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.11.1.3
spdCompActStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.11.1.4
spdCompActRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.11.1.5
spdSubactionsTable		.1.3.6.1.2.1.153.1.12
spdSubactionsEntry	spdCompActName spdSubActPriority	.1.3.6.1.2.1.153.1.12.1
spdSubActPriority	Integer32	.1.3.6.1.2.1.153.1.12.1.1
spdSubActSubActionName	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.1.12.1.2
spdSubActLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.12.1.3
spdSubActStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.12.1.4
spdSubActRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.12.1.5
spdStaticActions		.1.3.6.1.2.1.153.1.13
spdDropAction	Integer32	.1.3.6.1.2.1.153.1.13.1
spdDropActionLog	Integer32	.1.3.6.1.2.1.153.1.13.2
spdAcceptAction	Integer32	.1.3.6.1.2.1.153.1.13.3
spdAcceptActionLog	Integer32	.1.3.6.1.2.1.153.1.13.4
spdEndpointToGroupTable		.1.3.6.1.2.1.153.1.2
spdEndpointToGroupEntry	spdEndGroupDirection spdEndGroupInterface	.1.3.6.1.2.1.153.1.2.1
spdEndGroupDirection	DIFFSERV-MIBIfDirection	.1.3.6.1.2.1.153.1.2.1.1
spdEndGroupInterface	IF-MIBInterfaceIndex	.1.3.6.1.2.1.153.1.2.1.2
spdEndGroupName	OctetString	.1.3.6.1.2.1.153.1.2.1.3
spdEndGroupLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.2.1.4
spdEndGroupStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.2.1.5
spdEndGroupRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.2.1.6
spdGroupContentsTable		.1.3.6.1.2.1.153.1.3
spdGroupContentsEntry	spdGroupContName spdGroupContPriority	.1.3.6.1.2.1.153.1.3.1
spdGroupContName	OctetString	.1.3.6.1.2.1.153.1.3.1.1
spdGroupContPriority	Integer32	.1.3.6.1.2.1.153.1.3.1.2
spdGroupContFilter	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.1.3.1.3
spdGroupContComponentType	Enumeration	.1.3.6.1.2.1.153.1.3.1.4
spdGroupContComponentName	OctetString	.1.3.6.1.2.1.153.1.3.1.5
spdGroupContLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.3.1.6
spdGroupContStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.3.1.7
spdGroupContRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.3.1.8
spdRuleDefinitionTable		.1.3.6.1.2.1.153.1.4
spdRuleDefinitionEntry	spdRuleDefName	.1.3.6.1.2.1.153.1.4.1
spdRuleDefName	OctetString	.1.3.6.1.2.1.153.1.4.1.1
spdRuleDefDescription	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.2.1.153.1.4.1.2
spdRuleDefFilter	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.1.4.1.3
spdRuleDefFilterNegated	SNMPv2-TCTruthValue	.1.3.6.1.2.1.153.1.4.1.4
spdRuleDefAction	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.1.4.1.5
spdRuleDefAdminStatus	SpdAdminStatus	.1.3.6.1.2.1.153.1.4.1.6
spdRuleDefLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.4.1.7
spdRuleDefStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.4.1.8
spdRuleDefRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.4.1.9
spdCompoundFilterTable		.1.3.6.1.2.1.153.1.5
spdCompoundFilterEntry	spdCompFiltName	.1.3.6.1.2.1.153.1.5.1
spdCompFiltName	OctetString	.1.3.6.1.2.1.153.1.5.1.1
spdCompFiltDescription	SNMP-FRAMEWORK-MIBSnmpAdminString	.1.3.6.1.2.1.153.1.5.1.2
spdCompFiltLogicType	SpdBooleanOperator	.1.3.6.1.2.1.153.1.5.1.3
spdCompFiltLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.5.1.4
spdCompFiltStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.5.1.5
spdCompFiltRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.5.1.6
spdSubfiltersTable		.1.3.6.1.2.1.153.1.6
spdSubfiltersEntry	spdCompFiltName spdSubFiltPriority	.1.3.6.1.2.1.153.1.6.1
spdSubFiltPriority	Integer32	.1.3.6.1.2.1.153.1.6.1.1
spdSubFiltSubfilter	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.1.6.1.2
spdSubFiltSubfilterIsNegated	SNMPv2-TCTruthValue	.1.3.6.1.2.1.153.1.6.1.3
spdSubFiltLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.6.1.4
spdSubFiltStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.6.1.5
spdSubFiltRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.6.1.6
spdStaticFilters		.1.3.6.1.2.1.153.1.7
spdTrueFilter	Integer32	.1.3.6.1.2.1.153.1.7.1
spdTrueFilterInstance		.1.3.6.1.2.1.153.1.7.1.0
spdIpOffsetFilterTable		.1.3.6.1.2.1.153.1.8
spdIpOffsetFilterEntry	spdIpOffFiltName	.1.3.6.1.2.1.153.1.8.1
spdIpOffFiltName	OctetString	.1.3.6.1.2.1.153.1.8.1.1
spdIpOffFiltOffset	Unsigned32	.1.3.6.1.2.1.153.1.8.1.2
spdIpOffFiltType	Enumeration	.1.3.6.1.2.1.153.1.8.1.3
spdIpOffFiltValue	OctetString	.1.3.6.1.2.1.153.1.8.1.4
spdIpOffFiltLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.8.1.5
spdIpOffFiltStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.8.1.6
spdIpOffFiltRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.8.1.7
spdTimeFilterTable		.1.3.6.1.2.1.153.1.9
spdTimeFilterEntry	spdTimeFiltName	.1.3.6.1.2.1.153.1.9.1
spdTimeFiltName	OctetString	.1.3.6.1.2.1.153.1.9.1.1
spdTimeFiltPeriod	SpdTimePeriod	.1.3.6.1.2.1.153.1.9.1.2
spdTimeFiltMonthOfYearMask	Bits	.1.3.6.1.2.1.153.1.9.1.3
spdTimeFiltDayOfMonthMask	OctetString	.1.3.6.1.2.1.153.1.9.1.4
spdTimeFiltDayOfWeekMask	Bits	.1.3.6.1.2.1.153.1.9.1.5
spdTimeFiltTimeOfDayMask	SpdTimePeriod	.1.3.6.1.2.1.153.1.9.1.6
spdTimeFiltLastChanged	SNMPv2-TCTimeStamp	.1.3.6.1.2.1.153.1.9.1.7
spdTimeFiltStorageType	SNMPv2-TCStorageType	.1.3.6.1.2.1.153.1.9.1.8
spdTimeFiltRowStatus	SNMPv2-TCRowStatus	.1.3.6.1.2.1.153.1.9.1.9
spdNotificationObjects		.1.3.6.1.2.1.153.2
spdNotifications		.1.3.6.1.2.1.153.2.0
spdNotificationVariables		.1.3.6.1.2.1.153.2.1
spdActionExecuted	SNMPv2-TCVariablePointer	.1.3.6.1.2.1.153.2.1.1
spdIPEndpointAddType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.2.1.153.2.1.2
spdIPEndpointAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.2.1.153.2.1.3
spdIPSourceType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.2.1.153.2.1.4
spdIPSourceAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.2.1.153.2.1.5
spdIPDestinationType	INET-ADDRESS-MIBInetAddressType	.1.3.6.1.2.1.153.2.1.6
spdIPDestinationAddress	INET-ADDRESS-MIBInetAddress	.1.3.6.1.2.1.153.2.1.7
spdPacketDirection	DIFFSERV-MIBIfDirection	.1.3.6.1.2.1.153.2.1.8
spdPacketPart	OctetString	.1.3.6.1.2.1.153.2.1.9
spdConformanceObjects		.1.3.6.1.2.1.153.3
spdCompliances		.1.3.6.1.2.1.153.3.1
spdGroups		.1.3.6.1.2.1.153.3.2
spdActions		.1.3.6.1.2.1.153.4

Notifications/Traps

Name	OID	Description
spdActionNotification spdActionExecuted spdIPEndpointAddType spdIPEndpointAddress spdIPSourceType spdIPSourceAddress spdIPDestinationType spdIPDestinationAddress spdPacketDirection	.1.3.6.1.2.1.153.2.0.1	on that an action was executed by a rule. Only actions with logging enabled will result in this notification getting sent. The object includes the spdActionExecuted object, which will indicate which action was executed within the scope of the rule. Additionally, the spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, and spdIPDestinationAddress objects are included to indicate the packet source and destination of the packet that triggered the action. Finally, the spdIPEndpointAddType, spdIPEndpointAddress, and spdPacketDirection objects indicate which interface the executed action was associated with, and if the packet was ingress or egress through the endpoint. A spdActionNotification SHOULD be limited to a maximum of one notification sent per minute for any action notifications that do not have any other configuration controlling their send rate. Note that compound actions with multiple executed sub-actions may result in multiple notifications being sent from a single rule execution.
spdPacketNotification spdActionExecuted spdIPEndpointAddType spdIPEndpointAddress spdIPSourceType spdIPSourceAddress spdIPDestinationType spdIPDestinationAddress spdPacketDirection spdPacketPart	.1.3.6.1.2.1.153.2.0.2	on that a packet passed through a Security Association (SA). Only SAs created by actions with packet logging enabled will result in this notification getting sent. The objects sent MUST include the spdActionExecuted, which will indicate which action was executed within the scope of the rule. Additionally, the spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, and spdIPDestinationAddress objects MUST be included to indicate the packet source and destination of the packet that triggered the action. The spdIPEndpointAddType, spdIPEndpointAddress, and spdPacketDirection objects are included to indicate which endpoint the packet was associated with. Finally, spdPacketPart is included to enable sending a variable sized part of the front of the packet with the size dependent on the value of the object of TC syntax 'SpdIPPacketLogging', which indicated that logging should be done. A spdPacketNotification SHOULD be limited to a maximum of one notification sent per minute for any action notifications that do not have any other configuration controlling their send rate. An action notification SHOULD be limited to a maximum of one notification sent per minute for any action notifications that do not have any other configuration controlling their send rate.

Name

OID

Description

spdActionNotification
spdActionExecuted
spdIPEndpointAddType
spdIPEndpointAddress
spdIPSourceType
spdIPSourceAddress
spdIPDestinationType
spdIPDestinationAddress
spdPacketDirection

.1.3.6.1.2.1.153.2.0.1

on that an action was executed by a rule.
Only actions with logging enabled will result in this
notification getting sent.  The object includes the
spdActionExecuted object, which will indicate which action
was executed within the scope of the rule.  Additionally,
the spdIPSourceType, spdIPSourceAddress,
spdIPDestinationType, and spdIPDestinationAddress objects
are included to indicate the packet source and destination
of the packet that triggered the action.  Finally, the
spdIPEndpointAddType, spdIPEndpointAddress, and
spdPacketDirection objects indicate which interface the
executed action was associated with, and if the packet was
ingress or egress through the endpoint.
          
A spdActionNotification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.
          
Note that compound actions with multiple executed
sub-actions may result in multiple notifications being sent
from a single rule execution.

spdPacketNotification
spdActionExecuted
spdIPEndpointAddType
spdIPEndpointAddress
spdIPSourceType
spdIPSourceAddress
spdIPDestinationType
spdIPDestinationAddress
spdPacketDirection
spdPacketPart

.1.3.6.1.2.1.153.2.0.2

on that a packet passed through a Security
Association (SA).  Only SAs created by actions with packet
logging enabled will result in this notification getting
sent.  The objects sent MUST include the spdActionExecuted,
which will indicate which action was executed within the
scope of the rule.  Additionally, the spdIPSourceType,
spdIPSourceAddress, spdIPDestinationType, and
spdIPDestinationAddress objects MUST be included to
indicate the packet source and destination of the packet
that triggered the action.  The spdIPEndpointAddType,
spdIPEndpointAddress, and spdPacketDirection objects are
included to indicate which endpoint the packet was
associated with.  Finally, spdPacketPart is included to
enable sending a variable sized part of the front of the
packet with the size dependent on the value of the object of
TC syntax 'SpdIPPacketLogging', which indicated that logging
should be done.
          
A spdPacketNotification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.
          
An action notification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.